No, you have to check all pages if they contain links to http files, javascript for graphs and the like.Normal http images will only give the "unsecure' warnings, but http javascripts and iframes will only show white areas on the pages.

Step 1: have a https certificateStep 2: all visitors still go to the http siteStep 3; you check every part of all your sites it there is an error (in chrome inspect => console tab) and check if you can find https sourcesWhen all is OK => switch to htpps with the htaccess but only AFTER you made a solution for thos pages you still want to show but which will not work under https.

Yes. it is doable, but take far more work then the sellers of https talk about,

Thanks Wim.GoDaddy had called to warn me of the upcoming issues on unsecured sites. I can get the Standard UCC SSL for up to 5 domain sites.

I understand that I can add my sites one at a time as SSL secured so maybe the best way is to buy and start with adding one domain at a time. I have 3 domains for not-for-profit organizations that have very simple websites so not too difficult to experiment with these first before I go to the weather sites.

These are all under my komokaweather.com hosting but in talking to GoDaddy hosting is not affected as unsecured, just the domains. I presume that once I add a domain to the SSL certificate then the green padlock will appear on that domain's pages.

Quote

Step 3; you check every part of all your sites it there is an error (in chrome inspect => console tab) and check if you can find https sources

I seldom use Chrome so not familiar with the various functions (not familiar with them in Firefox either ). I presume you mean that when a site is open in Chrome then press [F12], then [Console]. and with that I get clean results in the 3 simple domains and komokaweather.com. In komokaweather.ca (Saratoga template) I get one 404 (not found) which is at weatheroffice.ec.ca and I presume that is out of my control.

Thanks Wim.GoDaddy had called to warn me of the upcoming issues on unsecured sites. I can get the Standard UCC SSL for up to 5 domain sites.

I understand that I can add my sites one at a time as SSL secured so maybe the best way is to buy and start with adding one domain at a time. I have 3 domains for not-for-profit organizations that have very simple websites so not too difficult to experiment with these first before I go to the weather sites.

These are all under my komokaweather.com hosting but in talking to GoDaddy hosting is not affected as unsecured, just the domains. I presume that once I add a domain to the SSL certificate then the green padlock will appear on that domain's pages.

Quote

Step 3; you check every part of all your sites it there is an error (in chrome inspect => console tab) and check if you can find https sources

I seldom use Chrome so not familiar with the various functions (not familiar with them in Firefox either ). I presume you mean that when a site is open in Chrome then press [F12], then [Console]. and with that I get clean results in the 3 simple domains and komokaweather.com. In komokaweather.ca (Saratoga template) I get one 404 (not found) which is at weatheroffice.ec.ca and I presume that is out of my control.

Or is there another function way to check on the https sources?

Again thanks and appreciate the guidance.

Paul

When you run your current site now, you see the errors using http.When you have a certificate you should add that site, but without forcing the use of HTTPS, so without htaccess redirect.You then can test the site by accessing it yourself with https:// and see if there are errors.Example http://www.komokaweather.com/ at that site there are 90 http:// links, most of them probably links to other websites which will open in a new tab. Those external websites do their own redirecting, nothing to bother with now.

Hostmonster sent me a reminder, I am now secure, not that i wasn't . I found that it takes some time for the web host to convert the ssl and all that . Then if your padlock by the url isn't green, you have to go into your scripts to find what is wrong. Hostmonster.com sent me to this site and I was able to find out what: https://www.whynopadlock.com/just something to consider.

I use LetsEncrypt certs on all the sites on my VPS (the Plesk panel has great integration for that). For the WXforum.net shared server, I have a DigiCert from 1and1 (and did a second for northamericanweather.net which shares the server). 1and1 shared servers do not allow for LetsEncrypt certs (grumble).

On a GoDaddy shared site with cPanel, it's possible (and quite complicated) to have https://www.sslforfree.com/ use letsencrypt generate a set of certs for your site and you install them using the GoDaddy cPanel -- a pain, but doable.

On Dreamhost, I have LetsEncrypt certs on sites there -- easy integration with their admin panel.

Other hosters may just want you to buy a cert through them and not allow independently generated certs.

I got a non-secure error on my site this morning, but after an hour it was back up and running. However, it may be a good idea for me to go to SSL on my site.

A couple questions though, and I'm hoping Ken can answer one of them:1- How long is the cert from SSLforFree good for? I can't find the info on the page.2- Where do you put the forced redirect information? It says on your page, but do they mean the index.php file? I don't see anything there that indicates where it would go. I also saw mention of putting it in the .htaccess file, but I don't have that file on my server (GoDaddy). I have it showing hidden files and I see a few .<folders> and .<files>, but not the .htaccess file. Do I need to create one?

I think the certificate is good for one year. I have Hostmonster. they sold me the certificate and then converted my URL to the https format. I paid for it. But there are a lot of good companies. I went with Hostmonster and enjoyed their service well. help is 24/7 so for me it is a good deal.

Sometimes in your site if you have reference to non secure urls, you won't get the green padlock. This site will tell you what isn't working and then you have to ferret out what is wrong and fix it, retest and then you are better.

I think the certificate is good for one year. I have Hostmonster. they sold me the certificate and then converted my URL to the https format. I paid for it. But there are a lot of good companies. I went with Hostmonster and enjoyed their service well. help is 24/7 so for me it is a good deal.

Sometimes in your site if you have reference to non secure urls, you won't get the green padlock. This site will tell you what isn't working and then you have to ferret out what is wrong and fix it, retest and then you are better.

I got a cert for my site from the one Ken mentioned (SSLforFree). I'm a little confused by it as there's a certificate.crt file, but then there's a ca_bundle.crt file as well. I uploaded both of them. The certificate.crt file is only good for 3 months, but the ca_bundle.crt is good for over a year. I'm not sure which one will be used.

My biggest hurdle is figuring out how to get my site converted over. There's no .htaccess file, so I have no idea where to put the lines redirecting the site to the secure one.

I'm hosted with GoDaddy, and I'm pretty sure it's on Linux (I choose them because it was one of the few I could find I knew of and allowed Cron jobs).

Why No padlock gives me a green on everything, with the only issue being that my site isn't forcing to https. It's using a self-signed cert. I created a .htaccess file (no extension) and put in the recommended lines that NoPadlock suggested for my site. I guess all I need to do is upload it and see what happens. If it goes BOOM I can just take the file out I guess.

Edit: I'm wondering if I need to delete the self signed cert in GoDaddy as well so the only ones there are the two from SSLforFree?

Fortunately my provider include SSL cert for free, lol, I'ms sure I'm paying for it somewhere, but it works.

I also used NoPadlock. What I did was took the info from NoPadlock, went into each part of those scripts and just changed the http to https. At first I was pretty careful, but with so many files to check, I eventually searched each on for a http, and when It came up added an s and check my web page to see if everything was working and moved on. I think I got lucky, but it is done.